#!/bin/sh
# Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved
### BEGIN INIT INFO
# Provides:          tac_plus
# Required-Start:    $network $local_fs $syslog $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Should-Start:      $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: TACACS+ authentication daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

DAEMON=/usr/bin/tac_plus
NAME="fb-tac-plus"
DESC="TACACS+ authentication daemon"
LOGDIR=/var/log/
STARTTIME=1
PIDFILEBASE=/var/run/tac_plus.pid

test -x $DAEMON || exit 0

. /lib/lsb/init-functions

# Default options, these can be overriden by the information
# at /etc/default/$NAME
DAEMON_OPTS="-d 16"          # Additional options given to the server
CONFIG_FILE="/etc/tac_plus/tac_plus.conf"
LOGFILE=$LOGDIR/tac_plus.log  # Server logfile

# Include defaults if available
if [ -f /etc/default/$NAME ] ; then
	. /etc/default/$NAME
fi
DAEMON_ARGS="$DAEMON_OPTS -C $CONFIG_FILE"

# Check that the user exists (if we set a user)
# Does the user exist?
if [ -n "$DAEMONUSER" ] ; then
    if getent passwd | grep -q "^$DAEMONUSER:"; then
        # Obtain the uid and gid
        DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
        DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
    else
        log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
        exit 1
    fi
fi

set -e

running_pid() {
# Check if a given process pid's cmdline matches a given name
    pid=$1
    name=$2
    [ -z "$pid" ] && return 1
    [ ! -d /proc/$pid ] &&  return 1
    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
    # Is this the expected server
    [ "$cmd" != "$name" ] &&  return 1
    return 0
}

running() {
# Check if the process is running looking at /proc
# (works for all users)
    NOT_RUNNING=0
    if [ "$BIND_ADDRESSES" != "" ]; then
      for ADDR in $BIND_ADDRESSES; do
        PIDFN=$PIDFILEBASE.$ADDR
        if [ ! -f $PIDFN ]; then
          # no pidfile, probably not running
          NOT_RUNNING=1
        else
          pid=`cat $PIDFN`
          running_pid $pid $DAEMON
          if [ "$?" != "0" ]; then
            NOT_RUNNING=1
          fi
        fi
      done
    else
       if [ ! -f $PIDFILEBASE ]; then
        NOT_RUNNING=1
       else
        pid=`cat $PIDFILEBASE`
        running_pid $pid $DAEMON
        if [ "$?" != "0" ]; then
         NOT_RUNNING=1
        fi
      fi
    fi
    return $NOT_RUNNING
}

start_server() {
# Start the process using the wrapper
    FAILED=0
    if check_config_quiet ; then
      if [ "$BIND_ADDRESSES" != "" ]; then
        for ADDR in $BIND_ADDRESSES; do
          start-stop-daemon --start --quiet -m --pidfile $PIDFILEBASE.$ADDR \
                --exec $DAEMON -- $DAEMON_ARGS -B $ADDR
          errcode=$?
          if [ "$errcode" != "0" ]; then
            FAILED=1
          fi
        done
      else
        start-stop-daemon --start --quiet -m --pidfile $PIDFILEBASE \
              --exec $DAEMON -- $DAEMON_ARGS
      fi
    else
         return $?
    fi
}

stop_server() {
  FAILED=0
  if [ "$BIND_ADDRESSES" != "" ]; then
    for ADDR in $BIND_ADDRESSES; do
      PIDFN=$PIDFILEBASE.$ADDR
      killproc -p $PIDFN $DAEMON
      if [ "$?" != "0" ]; then
        FAILED=1
      fi
    done
  else
    killproc -p $PIDFILEBASE $DAEMON
    return $?
  fi
}

reload_server() {
    FAILED=0
    if check_config_quiet ; then
      if [ "$BIND_ADDRESSES" != "" ]; then
        for ADDR in $BIND_ADDRESSES; do
          PIDFN=$PIDFILEBASE.$ADDR
          if [ ! -f "$PIDFN" ]; then
            FAILED=1
          else
            pid=`cat $PIDFN` # This is the daemon's pid
            # Send a SIGHUP
            kill -1 $pid
            if [ "$?" != "0" ]; then
              FAILED=1
            fi
          fi
        done
      else
        pid=`cat $PIDFILEBASE`
        kill -1 $pid
        return $?
      fi
    else
         return $?
    fi
}

check_config() {
	$DAEMON -P $DAEMON_ARGS
	return $?
}

check_config_quiet() {
	$DAEMON -P $DAEMON_ARGS >/dev/null 2>&1
	return $?
}

kill_pid() {
  PIDFN=$1
  [ ! -e "$PIDFN" ] && return
  pid=`cat $PIDFN`
  if running_pid $pid $DAEMON; then
    kill -15 $pid
    # Is it really dead?
    sleep "$DIETIME"s
    if running_pid $pid $DAEMON ; then
      kill -9 $pid
      sleep "$DIETIME"
      if running_pid $pid $DAEMON ; then
        log_progress_msg "Cannot kill $NAME (pid=$pid)!"
        return 1
      fi
    fi
  fi
  return 0
}

force_stop() {
# Force the process to die killing it manually
  FAILED=0
  if [ "$BIND_ADDRESSES" != "" ]; then
    for ADDR in $BIND_ADDRESSES; do
      PIDFN=$PIDFILEBASE.$ADDR
      kill_pid $PIDFN
      if [ "$?" != "0" ]; then
        FAILED=1
      else
	      rm -f $PIDFN
      fi
    done
  else
    kill_pid $PIDFN
    if [ "$?" != "0" ]; then
      FAILED=1
    fi
  fi
  if [ "$FAILED" != "0" ]; then
    log_progress_msg "couldn't kill some instances"
    log_end_msg 1
    exit 1
  else
    log_progress_msg "killed all instances"
    log_end_msg 0
    exit 0
  fi
}


case "$1" in
  start)
	log_daemon_msg "Starting $DESC " "$NAME"
        # Check if it's running first
        if running ;  then
            log_progress_msg "apparently already running"
            log_end_msg 0
            exit 0
        fi
        if start_server ; then
            # NOTE: Some servers might die some time after they start,
            # this code will detect this issue if STARTTIME is set
            # to a reasonable value
            [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time
            if  running ;  then
                # It's ok, the server started and is running
                log_end_msg 0
            else
                # It is not running after we did start
                log_end_msg 1
            fi
        else
            # Either we could not start it
            log_end_msg 1
        fi
	;;
  stop)
        log_daemon_msg "Stopping $DESC" "$NAME"
        if running ; then
            # Only stop the server if we see it running
			errcode=0
            stop_server || errcode=$?
            log_end_msg $errcode
        else
            # If it's not running don't do anything
            log_progress_msg "apparently not running"
            log_end_msg 0
            exit 0
        fi
        ;;
  force-stop)
        # First try to stop gracefully the program
        $0 stop
        if running; then
            # If it's still running try to kill it more forcefully
            log_daemon_msg "Stopping (force) $DESC" "$NAME"
			errcode=0
            force_stop || errcode=$?
            log_end_msg $errcode
        fi
	;;
  restart|force-reload)
        log_daemon_msg "Restarting $DESC" "$NAME"
		errcode=0
        stop_server || errcode=$?
        # Wait some sensible amount, some server need this
        [ -n "$DIETIME" ] && sleep $DIETIME
        start_server || errcode=$?
        [ -n "$STARTTIME" ] && sleep $STARTTIME
        running || errcode=$?
        log_end_msg $errcode
	;;
  status)

        log_daemon_msg "Checking status of $DESC" "$NAME"
        if running ;  then
            log_progress_msg "running"
            log_end_msg 0
        else
            log_progress_msg "apparently not running"
            log_end_msg 1
            exit 1
        fi
        ;;
  # Use this if the daemon cannot reload
  reload)
	log_daemon_msg "Reloading $DESC configuration files" "$NAME"
	if reload_server ; then
		if running ; then
			log_end_msg 0
		else
			log_progress_msg "$NAME not running"
			log_end_msg 1
		fi
	else
		log_progress_msg "Reload failled"
		log_end_msg 1
	fi
        ;;
  check)
	check_config
	if [ X$? = "X0" ]
	then
		log_daemon_msg "Checking $DESC configuration files successful" "$NAME"
	else
		log_daemon_msg "Checking $DESC configuration files failed"
		exit 1
	fi
	;;
  *)
	N=/etc/init.d/tacacs_plus
	echo "Usage: $N {start|stop|force-stop|restart|reload|force-reload|status|check}" >&2
	exit 1
	;;
esac

exit 0
